Product
The SureCart plugin for WordPress, in versions up to and including 4.2.3, is vulnerable to privilege escalation through an account takeover, where unauthenticated attackers can exploit a lack of proper identity validation during customer profile synchronization via webhook events to change linked user email addresses, potentially leading to administrator account compromise.